generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

PR: 2136

Browse Source 
Submitted by: Willy Weisz <weisz@vcpc.univie.ac.at>

Add options to output hash using older algorithm compatible with OpenSSL
versions before 1.0.0
This commit is contained in:
Dr. Stephen Henson 2010-01-12 17:27:11 +00:00
parent 23c3bee970
commit 93fac08ec3
5 changed files with 68 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CHANGES
View File

@ -3,6 +3,10 @@
_______________ _______________
Changes between 0.9.8m (?) and 1.0.0 [xx XXX xxxx] Changes between 0.9.8m (?) and 1.0.0 [xx XXX xxxx]
*) Add new -subject_hash_old and -issuer_hash_old options to x509 utility to
output hashes compatible with older versions of OpenSSL.
[Willy Weisz <weisz@vcpc.univie.ac.at>]
*) Fix compression algorithm handling: if resuming a session use the *) Fix compression algorithm handling: if resuming a session use the
compression algorithm of the resumed session instead of determining compression algorithm of the resumed session instead of determining

29
apps/x509.c
View File

@ -99,7 +99,13 @@ static const char *x509_usage[]={
" -passin arg - private key password source\n", " -passin arg - private key password source\n",
" -serial - print serial number value\n", " -serial - print serial number value\n",
" -subject_hash - print subject hash value\n", " -subject_hash - print subject hash value\n",
#ifndef OPENSSL_NO_MD5
" -subject_hash_old - print old-style (MD5) subject hash value\n",
#endif
" -issuer_hash - print issuer hash value\n", " -issuer_hash - print issuer hash value\n",
#ifndef OPENSSL_NO_MD5
" -issuer_hash_old - print old-style (MD5) issuer hash value\n",
#endif
" -hash - synonym for -subject_hash\n", " -hash - synonym for -subject_hash\n",
" -subject - print subject DN\n", " -subject - print subject DN\n",
" -issuer - print issuer DN\n", " -issuer - print issuer DN\n",
@ -179,6 +185,9 @@ int MAIN(int argc, char **argv)
int text=0,serial=0,subject=0,issuer=0,startdate=0,enddate=0; int text=0,serial=0,subject=0,issuer=0,startdate=0,enddate=0;
int next_serial=0; int next_serial=0;
int subject_hash=0,issuer_hash=0,ocspid=0; int subject_hash=0,issuer_hash=0,ocspid=0;
#ifndef OPENSSL_NO_MD5
int subject_hash_old=0,issuer_hash_old=0;
#endif
int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0,email=0; int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0,email=0;
int ocsp_uri=0; int ocsp_uri=0;
int trustout=0,clrtrust=0,clrreject=0,aliasout=0,clrext=0; int trustout=0,clrtrust=0,clrreject=0,aliasout=0,clrext=0;
@ -397,8 +406,16 @@ int MAIN(int argc, char **argv)
else if (strcmp(*argv,"-hash") == 0 else if (strcmp(*argv,"-hash") == 0
|| strcmp(*argv,"-subject_hash") == 0) || strcmp(*argv,"-subject_hash") == 0)
subject_hash= ++num; subject_hash= ++num;
#ifndef OPENSSL_NO_MD5
else if (strcmp(*argv,"-subject_hash_old") == 0)
subject_hash_old= ++num;
#endif
else if (strcmp(*argv,"-issuer_hash") == 0) else if (strcmp(*argv,"-issuer_hash") == 0)
issuer_hash= ++num; issuer_hash= ++num;
#ifndef OPENSSL_NO_MD5
else if (strcmp(*argv,"-issuer_hash_old") == 0)
issuer_hash_old= ++num;
#endif
else if (strcmp(*argv,"-subject") == 0) else if (strcmp(*argv,"-subject") == 0)
subject= ++num; subject= ++num;
else if (strcmp(*argv,"-issuer") == 0) else if (strcmp(*argv,"-issuer") == 0)
@ -759,10 +776,22 @@ bad:
{ {
BIO_printf(STDout,"%08lx\n",X509_subject_name_hash(x)); BIO_printf(STDout,"%08lx\n",X509_subject_name_hash(x));
} }
#ifndef OPENSSL_NO_MD5
else if (subject_hash_old == i)
{
BIO_printf(STDout,"%08lx\n",X509_subject_name_hash_old(x));
}
#endif
else if (issuer_hash == i) else if (issuer_hash == i)
{ {
BIO_printf(STDout,"%08lx\n",X509_issuer_name_hash(x)); BIO_printf(STDout,"%08lx\n",X509_issuer_name_hash(x));
} }
#ifndef OPENSSL_NO_MD5
else if (issuer_hash_old == i)
{
BIO_printf(STDout,"%08lx\n",X509_issuer_name_hash_old(x));
}
#endif
else if (pprint == i) else if (pprint == i)
{ {
X509_PURPOSE *ptmp; X509_PURPOSE *ptmp;

5
crypto/x509/x509.h
View File

@ -961,6 +961,11 @@ unsigned long X509_issuer_name_hash(X509 *a);
int X509_subject_name_cmp(const X509 *a, const X509 *b); int X509_subject_name_cmp(const X509 *a, const X509 *b);
unsigned long X509_subject_name_hash(X509 *x); unsigned long X509_subject_name_hash(X509 *x);
#ifndef OPENSSL_NO_MD5
unsigned long X509_issuer_name_hash_old(X509 *a);
unsigned long X509_subject_name_hash_old(X509 *x);
#endif
int X509_cmp(const X509 *a, const X509 *b); int X509_cmp(const X509 *a, const X509 *b);
int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b); int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b);
unsigned long X509_NAME_hash(X509_NAME *x); unsigned long X509_NAME_hash(X509_NAME *x);

14
crypto/x509/x509_cmp.c
View File

@ -133,6 +133,13 @@ unsigned long X509_issuer_name_hash(X509 *x)
return(X509_NAME_hash(x->cert_info->issuer)); return(X509_NAME_hash(x->cert_info->issuer));
} }
#ifndef OPENSSL_NO_MD5
unsigned long X509_issuer_name_hash_old(X509 *x)
{
return(X509_NAME_hash_old(x->cert_info->issuer));
}
#endif
X509_NAME *X509_get_subject_name(X509 *a) X509_NAME *X509_get_subject_name(X509 *a)
{ {
return(a->cert_info->subject); return(a->cert_info->subject);
@ -148,6 +155,13 @@ unsigned long X509_subject_name_hash(X509 *x)
return(X509_NAME_hash(x->cert_info->subject)); return(X509_NAME_hash(x->cert_info->subject));
} }
#ifndef OPENSSL_NO_MD5
unsigned long X509_subject_name_hash_old(X509 *x)
{
return(X509_NAME_hash_old(x->cert_info->subject));
}
#endif
#ifndef OPENSSL_NO_SHA #ifndef OPENSSL_NO_SHA
/* Compare two certificates: they must be identical for /* Compare two certificates: they must be identical for
* this to work. NB: Although "cmp" operations are generally * this to work. NB: Although "cmp" operations are generally

16
doc/apps/x509.pod
View File

@ -158,6 +158,16 @@ outputs the "hash" of the certificate issuer name.
synonym for "-subject_hash" for backward compatibility reasons. synonym for "-subject_hash" for backward compatibility reasons.
=item B<-subject_hash_old>
outputs the "hash" of the certificate subject name using the older algorithm
as used by OpenSSL versions before 1.0.0.
=item B<-issuer_hash_old>
outputs the "hash" of the certificate issuer name using the older algorithm
as used by OpenSSL versions before 1.0.0.
=item B<-subject> =item B<-subject>
outputs the subject name. outputs the subject name.
@ -837,4 +847,10 @@ L<x509v3_config(5)|x509v3_config(5)>
Before OpenSSL 0.9.8, the default digest for RSA keys was MD5. Before OpenSSL 0.9.8, the default digest for RSA keys was MD5.
The hash algorithm used in the B<-subject_hash> and B<-issuer_hash> options
before OpenSSL 1.0.0 was based on the deprecated MD5 algorithm and the encoding
of the distinguished name. In OpenSSL 1.0.0 and later it is based on a
canonical version of the DN using SHA1. This means that any directories using
the old form must have their links rebuilt using B<c_rehash> or similar.
=cut =cut